The South-East Asian crisis and the Barings Bank debacle were perhapsthe immediate causes for banks and the supervisors to work together toevolve sound policies for this vital area of management for the financialservices industry. It is indeed heartening that the problem is being analysedglobally and that most countries are not only examining these issues, butare also concerned with developing appropriate strategies suited to theirconditions. A particularly encouraging feature is that whenever there aredifferences of views amongst central regulators, they are aired and evenmade available on their websites for comments. Further, the organizations,which have framed these rules, do not claim that these are ‘model’ rulesand that they need to be copied in toto

Some of the principles enunciated by the International Association ofInsurance Supervisors are discussed in this section. Companies must bemore conscious of strategic risks associated with an internet strategy. Theserisks are critical and would be more so when new products designed forsale on the Internet reach the market. The new underwriting opportunitiesthat would become available must be kept in mind. A critical aspect to beexamined relates to the risks posed by e-commerce that are new or differentin scale or impact from traditional business conducted through otherdistribution channels. Reputations are at stake as mistakes can multiplyand spread quickly.

Strategic RisksThese risks arise when a company engaging in new business strategy, doesnot analyse the implications that decision on electronic commerce will haveon other parts of the organization or the company as a whole. Without sucha plan, the risk of mistakes occurring increases and the chances of the strategysucceeding decrease.The impact on the solvency should be the overreaching considerationin the analysis. In addition the company should be wary of the followingfactors:l The global nature and rapid development and growth of e-commercewill put pressure on its planning and implementation of onlineoperations, in particular, product design and technological applications.l The Internet is an efficient way of doing business, but it is far frombeing cost free. System costs and maintaining customer awarenessof the website may involve significant advertising costs.l Brand loyalty may evaporate in the face of competition. Customerscould switch their business from one to the other company.l There is a danger of some customers being neglected. There is anequal danger that research, product innovation, data security andeven risk management may be neglected.l The speed of processing may complicate management of information.l The dangers of adverse selection could increase and there could beinadequate disclosure by the customers.l It is the responsibility of the Board to choose strategies that reflect thecompany’s desired risk profile, functional capabilities and solvency.It must decide how its internet strategy will influence the company’sphilosophy, the way it conducts business and its financial situation.Without a well thought out strategy, the decision to engage in ecommercemay result in an unwarranted increase in risks at the operationallevel and an unproductive drain on resources.

Operational RisksThese relate to risks that arise as a result of a failure or default in the ITinfrastructure. There could even be deficiencies in the structure available.It may notl have the capacity to handle increased traffic, process transaction andvolume;l be scalable;l be accessible all the time due to a lack of fault tolerant technology;l be secure from internal and external disruption;l be accessible, compatible or interoperable in every market;l have appropriate policies and controls in place for third-party vendors;and have adequate scrutiny of the service provider’s operationalviability, financial liquidity and project management skills.Transaction RisksTransaction risks arise on account of an unauthorized alteration or modificationto texts, information or data transmitted over the computer networkbetween an insurer and the client or vice versa. In e-commerce these risks

arise mainly on account of technology. This risk also includes information,which is hosted on the server or website of a ‘partner’ third party.

Data Security RisksThese risks arise due to losses, unintentional changes or leaks of informationor data in computer systems. These could be broadly divided into twocategories. Incompatibility of the data systems or part of the data systeminformation leaks or information loss may be the cause for such risks. Theexternal links could lead to data breaks. A customer’s personal data maybe illegally accessed. These could complicate and in some cases, negatethe company’s ability to authenticate information and data. Informationconcerning an insurance contract may be changed without authorizationafter the system has been broken into. Thus, a company’s reputation maysuffer.

Connectivity RisksFailure in one part of the system may impact all or other parts of the system.If any part of the internet’s operational system is damaged as a result ofintentional or negligent actions, the company may fail to provide serviceto clients.